Security Aegis » Uncategorized

The Open Pentest Bookmarks Collection v1.2

James Fitts — Fri, 25 Feb 2011 02:33:34 +0000

Hey guys and gals of the security community. James Fitts here, I’m the new guy on the block over at SecurityAegis.com. I’ll be blogging and helping out with some of the projects we have going on. But enough about me, lets get down to the meat and potatoes. We launched the Open Pentest Bookmarks Collection [...]

The Open Pentest Bookmarks Collection v1.2 belongs to Security Aegis

The Open Pentest Bookmarks Collection

Jhaddix — Wed, 23 Feb 2011 07:45:13 +0000

New project a few buddies and myself have started: The Open Penetration Testing Bookmarks Collection …is just that, a collection of handy bookmarks I initially collected that aid me in my day to day work or I find in the course of research. They are not all inclusive and some sections need to be parsed [...]

The Open Pentest Bookmarks Collection belongs to Security Aegis

Mobile Hackery

Jhaddix — Thu, 17 Feb 2011 06:40:00 +0000

In the last few weeks I’ve been refreshing on mobile hacking, unknown protocols, non standard apps, and runtime analysis of binaries. Nothing new for a tester, but I remembered last years Security Bsides Las Vegas and a presentation a group called Intrepidus did. I realized how closely related the skillset for cursory malware analysis, mobile [...]

Mobile Hackery belongs to Security Aegis

Neurosurgery with Meterpreter

Jhaddix — Thu, 02 Dec 2010 08:16:44 +0000

Really thought provoking talk by Colin Ames from Attack Research on meterpreter manipulation of memory and processes (SOURCE Boston 2010). Whitepaper from Blackhat DC here.

Neurosurgery with Meterpreter belongs to Security Aegis

Nessus Parsing… 101?

Jhaddix — Sun, 21 Nov 2010 02:01:33 +0000

A good friend of mine David Shaw recently released his Nessus nbe parsing utility in ruby called nbesort.rb. Nbesort is great, especially for large Nessus scans. It's way more convenient than using the new web gui or viewing the reporting in HTML (old client) for looking at aggregate scan data. Using scripts like this allows [...]

Nessus Parsing… 101? belongs to Security Aegis

Nmap Scripting and Pcap Analysis

Jhaddix — Thu, 28 Oct 2010 20:45:17 +0000

There were a lot of really great talks at Toorcon and two of my best friends, David Shaw of Redspin and Nate Drier of Spiderlabs were kind enough to send me their video and slides. An introduction to the Nmap Scripting Engine by David Shaw: Intro to Nmap Scripting from Securityaegis on Vimeo. Slides: http://www.securityaegis.com/nse.pdf [...]

Nmap Scripting and Pcap Analysis belongs to Security Aegis

Pentesting with Burp Suite: Taking the Web Back From Automated Scanners

Jhaddix — Sun, 24 Oct 2010 21:44:58 +0000

Thanks to everyone at Toorcon who attended our talk: “Pentestng with Burp Suite, Taking the web back from automated scanners” When making the slides and presenting them in our hotel room we realized going through everything we wanted to was not feasible in 20min. So, keep an eye on twitter to see updates and [...]

Pentesting with Burp Suite: Taking the Web Back From Automated Scanners belongs to Security Aegis

Review: Advanced Penetration Testing (APT)

Jhaddix — Wed, 06 Oct 2010 19:17:11 +0000

Review: Advanced Penetration Testing (APT) This year I had the opportunity to take a few stellar instructor-led training courses, one of which was Joe McCray's "Advanced Penetration Testing: Pentesting High Security Environments" course from his training entity LearnSecurityOnline. Since I'm already doing pen testing full time I feel like it's a tremendous opportunity to see [...]

Review: Advanced Penetration Testing (APT) belongs to Security Aegis

Hacking with your Browser

Jhaddix — Fri, 13 Aug 2010 08:49:29 +0000

Today I rebuilt my Windows 7 partition. Amidst flurry of backing up I forgot to save my Firefox profiles. I figured this was a good time to review what I use addons-wise for all my day to day hacking needs. First things first, most of these addons will have compatibility issues. To update a Firefox [...]

Hacking with your Browser belongs to Security Aegis

Blackhat and Defcon Parties

Jhaddix — Sun, 18 Jul 2010 04:38:41 +0000

Every year we head to the desert to learn the newest attack/defenses in the world, to share groundbreaking ideas… but not least of all, to have some fun! Who? When? (July) Time Where? Link/RSVP Why? ModSecurity Happy Hour Wednesday 28th 4-6pm munchbar @ Caesar's Palace open to anyone modsecurity is awesome MAD & [...]

Blackhat and Defcon Parties belongs to Security Aegis